Description
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (one that is not on the curve) as the public key and obtain the derived shared secret.
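The check whose absence the description points at, shown as an added example (not code from the ecdh package or its fix): a peer's public key is rejected unless it satisfies the curve equation, before any shared secret is derived. The curve (secp256k1), the uncompressed hex encoding, and the function names `parsePeerPublicKey` and `isAcceptablePeerKey` are assumptions made for illustration.

```javascript
// Added example: validate a peer's public key before ECDH.
// Assumption: secp256k1, y^2 = x^3 + 7 over the prime field P (cofactor 1,
// so an on-curve check is sufficient; other curves may need a subgroup check).
const P = 2n ** 256n - 2n ** 32n - 977n;
const A = 0n, B = 7n;
const COORD_HEX = 64; // 32-byte coordinates, hex encoded

const mod = (v) => ((v % P) + P) % P;

// Accepts an uncompressed SEC1 point as hex: "04" || X || Y.
// Returns { x, y } as BigInt, or throws if the point must not be used.
function parsePeerPublicKey(hex) {
  if (typeof hex !== 'string' || !/^[0-9a-fA-F]+$/.test(hex)) {
    throw new Error('public key is not hex');
  }
  if (hex.length !== 2 + 2 * COORD_HEX || hex.slice(0, 2) !== '04') {
    throw new Error('expected 65-byte uncompressed point');
  }
  const x = BigInt('0x' + hex.slice(2, 2 + COORD_HEX));
  const y = BigInt('0x' + hex.slice(2 + COORD_HEX));
  // Coordinates must be canonical field elements.
  if (x >= P || y >= P) throw new Error('coordinate out of range');
  // The point must satisfy the curve equation; otherwise the scalar
  // multiplication would run on a different, attacker-chosen curve.
  if (mod(y * y) !== mod(x * x * x + A * x + B)) {
    throw new Error('point is not on the curve');
  }
  return { x, y };
}

// Boolean wrapper for callers that only need accept/reject.
function isAcceptablePeerKey(hex) {
  try { parsePeerPublicKey(hex); return true; } catch (e) { return false; }
}

// Constructed sample inputs: the secp256k1 base point G, and G with y + 1.
const GX = '79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798';
const GY = '483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8';
const toHex = (v) => v.toString(16).padStart(COORD_HEX, '0');
const validKey = '04' + GX + GY;
const offCurveKey = '04' + GX + toHex(BigInt('0x' + GY) + 1n);

console.log(isAcceptablePeerKey(validKey));    // true
console.log(isAcceptablePeerKey(offCurveKey)); // false
```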
Remediation
References
https://github.com/developmentil/ecdh/issues/3